Why do you upgrade your management systems asynchronously to your applications? You bring this on yourself.
Perhaps, but SaaS "management systems" are out of our control. They TELL us when they upgrade, they do not ASK. A web browser isn't really an application, you can't wait to upgrade. Related head-shaker .. the premier vendor of time management (who shall remain nameless) requires an outdated version of java that has a number of known vulnerabilities. They have been doing this for several years now.
Why do you access mission-critical systems that are provably insecure from systems that also have internet access?
Because they are "hosted" magical unicorn "cloud services" .. they ARE ON the Internet.
If it's not mission-critical, then you should explain why you haven't dumped that vendor yet for shipping insecure software - an insecurity that is very easy to mitigate by them, should they have chosen to.
Contracts, that's why. And it's not "shipping" anything .. these are "enterprise" cloud services that cost on the order of $50k-$100k per year. My $0.02 .. any reference to a company fictional or not is purely coincidental, etc. Michael Holstein Cleveland State University